Your CMMC Questions Answered

There are ongoing challenges for the defense industrial base (DIB) with the new CMMC requirements. It is our top priority to answer some of your most pressing questions and keep you informed.

What is CMMC?

CMMC is a new set of cybersecurity requirements that serves as an extension of DFARS 252.204-7012. Organizations must be assessed and audited against these requirements to become certified to do business with the Department of Defense (DoD). CMMC is not only about enforcing compliance but also about protecting you and the entire DIB from potential cyber-attacks that would expose Federal Contract Information (FCI) and Controlled Unclassified Information (CUI).

Why was it created?

As our nation increasingly expands its use of technology, we are becoming more vulnerable to cyber-attacks. Over the last decade, we have experienced data breaches that have negatively impacted hundreds of millions of Americans. As the US expands its reliance on technology, cybersecurity vulnerabilities have multiplied over the years. The DoD estimates over $600 billion per year of CUI theft from the Defense Industry IT Networks. Recent attacks on the US government have made it clear that our cybersecurity efforts must be our top priority to keep us safe and resilient.

How do I become certified in CMMC?

The CMMC Accreditation Body (CMMC-AB) trains and educates organizations for CMMC auditing. The CMMC-AB has designated and accredited CMMC Third Party Assessment Organizations (C3PAOs), Registered Provider Organizations (RPOs), and the credentialed roles that support them: Certified CMMC Professionals, Certified CMMC Assessors, and Registered Practitioners. GSec LLC is proud to be an accredited RPO to help you meet your compliance and CMMC needs.

One of the C3PAOs will assess your organization against the CMMC requirements to determine whether you have met the compliance necessary for CMMC certification.

What are the 5 levels of CMMC?

CMMC consists of five levels, each increasing in complexity. The level of certification you need depends on the sensitivity of your work, and our Registered Practitioners can help you determine which level is most appropriate for you.

  • Level 1 — Performed, Basic Cyber Hygiene
  • Level 2 — Documented, Intermediate Cyber Hygiene
  • Level 3 — Managed, Good Cyber Hygiene
  • Level 4 — Reviewed, Proactive Cyber Hygiene
  • Level 5 — Optimizing, Advanced / Proactive Cyber Hygiene